Doha, Qatar: Scam and phishing are rising globally and in the Middle East, Turkey and Africa (META). In particular, in Q1 of 2023, Qatar saw a 88% increase in phishing attacks compared to Q1 of 2022. The holiday season is usually the time when cybercriminals intensify their activity. Summertime is not an exception because as people plan their vacations, they become easy targets for summer scam campaigns.
Kaspersky found that cybercriminals send out fake HR emails to employees over the summer months to get corporate credentials. The aim is to get the phishing link clicked by the employee. In the emails, the attackers mention vacation schedules: sudden vacation rescheduling, the need to confirm the dates or a clash with some important events. Given that many employees already have plans made, tickets bought, and hotels booked, they are more likely to fall for it.
According to Kaspersky, the emails sent by these cybercriminals showed that the sender was not a company employee, with several loopholes, including a nameless HR director in some cases and signatures that don’t match the organization’s corporate style. In most cases, attackers know only the recipient’s address. The automated mass mailing tool takes the company’s domain name and employee’s name from the address and automatically substitutes them to imitate the link and the sender’s signature. Even if the victim clicks the link, they can still spot signs of phishing on the attackers’ websites.
To stay safe and not fall victim to phishing, Kaspersky recommends implementing protection at the mail gateway level to lessen the likelihood of corporate employees encountering phishing emails. Internet-facing devices need to be protected by an endpoint security solution; hold regular awareness training for employees on the latest cyber threats, or, at the very least, regularly inform them of potential phishing scams; stick to reputable websites: use trusted and well-known travel booking platforms, airlines and hotel websites when making reservations and being cautious of unfamiliar or suspicious websites that offer unbelievably low prices or ask for excessive personal information.
Other measures include verifying website authenticity before making any transactions or providing personal details, double-checking the website’s URL for secure connections (look for “https” and a padlock icon), and being wary of websites with slight misspellings or unusual domain names, as these may indicate fraudulent activity, read reviews and do research: research the accommodations, airlines or travel agencies you plan to use. Read reviews from reputable sources to understand other travellers’ experiences and any potential red flags, and use a security solution.
